Threat modeling

• Product and project managers who need to understand the methodology and output of a threat model
• Security managers who are responsible for performing or understanding the output of a threat model
• System, software, and hardware engineers, developers

• Understand in general terms what a threat and risk analysis / threat model is
• Get a deeper look into the four stages of performing a threat model with the STRIDE methodology
• Learn how to create a data flow diagram of a / your own product / service / solution, including trust boundaries
• Learn how to identify threats with the STRIDE methodology
• Get a basic understanding of how to rate / identify risks or threats
• Learn how to elaborate counter- or mitigation measures for each identified threat
• Understand several options for how evaluate your own analysis and how to elaborate fitting action items

Requirements:

• General understanding and awareness of IT security
• Knowledge about the system overview, the technologies used, and the communication between these components